Posted by: Pdfprep
Post Date: October 25, 2020
You find that a host (192.168.1.4) being used on one of your client’s networks has been compromised with a backdoor program listening on port 31337.
Your client requests a list of originating IP addresses connecting to that port.
Using a Linux workstation as traffic analyzer, which of the following commands would gather the data requested by the client?
A . tcpdump host 192.168.1.4 and port 31337 -w out
B . nmap host 192.168.1.4:31337
C . arpwatch -n 192.168.1.4/32 -p 31337 > capture
D . pcap -d 192.168.1.4:31337
E . ipwatch –syn 192.168.1.4 -p 31337 –1og=out
Answer: A
Leave a Reply